Hi Sergio,
thanks for your response. I have some more questions and
would greatly appreciate it if you, or somebody else could
help me some more.
Sergio Rabellino wrote:
> Jacobus van der Merwe wrote:
> > ...
> > [Netscape says certs are accepted for 'People' but there is
> > nothing there]
> > ...
> > Can anyone give me some idea of what is wrong with my certs?
>
> probably you can find these certificates under the "signers" list...
Nope, there is no sign of them.
> This is due to the absence of the "netscapeCertType" extension in the
> certificate emitted by your CA...
Ok, I tried to figure this one out, but I am stuck.
In my openssl.cnf file, there is a CA_EmailCerts. In the section for
CA_EmailCerts the extension is specified as :
x509_extensions = x509v3_ext_EmailCerts
And x509v3_ext_EmailCerts looks like this :
[ x509v3_ext_EmailCerts ]
keyUsage = nonRepudiation, digitalSignature
nsComment = "This certificate is used for e-mail."
nsBaseUrl = "https://comint.dec.mil.za/"
nsCaRevocationUrl =
cgi-bin/pyca/get-cert.py/EmailCerts/crl
nsRevocationUrl =
cgi-bin/pyca/ns-check-rev.py/EmailCerts?
nsRenewalUrl = cgi-bin/pyca/ns-renewal.py/EmailCerts?
nsCaPolicyUrl = TestCA/policy/EmailCerts-policy.html
nsCertType = email
A certificate I have produced looks like this:
""
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Gauteng, L=Pretoria, O=DEC, CN=CA Admin
(email)/Email=c
[EMAIL PROTECTED]
Validity
Not Before: Oct 4 10:15:51 2000 GMT
Not After : May 27 10:15:51 2002 GMT
Subject: C=ZA, ST=Gauteng, L=Pretoria, O=DEC, CN=Jacobus vd
Merwe/Email=
[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit)
[ ... ]
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation
Netscape Comment:
This certificate is used for e-mail.
Netscape Base Url:
https://comint.dec.mil.za/
Netscape CA Revocation Url:
cgi-bin/pyca/get-cert.py/EmailCerts/crl
Netscape Revocation Url:
cgi-bin/pyca/ns-check-rev.py/EmailCerts?
Netscape Renewal Url:
cgi-bin/pyca/ns-renewal.py/EmailCerts?
Netscape CA Policy Url:
TestCA/policy/EmailCerts-policy.html
Netscape Cert Type:
S/MIME
Signature Algorithm: md5WithRSAEncryption
[ ...]
-----BEGIN CERTIFICATE-----
[ ... ]
-----END CERTIFICATE-----
In the certificate I see the Netscape cert type is "S/MIME".
Is this the problem??
What should it be?
Where can I find more info? Can you refer me to specific docs?
Thanks a lot.
Jacobus
> Good Luck.
> --
> Dott. Sergio Rabellino
>
> Technical Staff
> Department of Computer Science
> University of Torino (Italy)
> Member of the Internet Society
>
> http://www.di.unito.it/~rabser
> Tel. +39-0116706701
> Fax. +39-011751603
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
S/MIME Cryptographic Signature
